
Gen Q1/2025 Cyber Threat Report: Protecting millions amid rapidly evolving attacks

Cyber criminals are launching more sophisticated, targeted campaigns.

The first quarter of 2025 has revealed a cyber threat landscape that’s less about quantity and far more about quality – and danger. While global data shows a drop in the sheer number of attacks, this doesn’t signal a reprieve. Instead, threat actors are evolving, favouring precision, deception and financial gain over indiscriminate volume. Cyber criminals are adapting fast to new technologies, platforms and user habits, launching more sophisticated, targeted campaigns that challenge even the most vigilant defenders. In regions like Africa, where cyber risks are rising rapidly, trusted partners such as Avert ITD – the official distributor of Avast and AVG cyber security solutions – play a crucial role in delivering advanced protection tailored to local needs.

Q1 2025 Uncovered: Gen Threat Labs reveals latest trends.

Changing threat landscape: Less noise, more precision

The global cyber risk index hovered at a steady 24.53% in Q1 2025, continuing the high-risk environment seen since late 2024. While fewer attacks were reported overall, this dip is deceptive. Cyber criminals are focusing their efforts on fewer but far more complex and targeted intrusions. This shift is driven largely by the expanding use of artificial intelligence (AI), deepfakes and social engineering that exploit trust and platform vulnerabilities.

Financial attacks take a sophisticated turn

One of the most striking developments in Q1 came from the financial crime sector, where attackers have raised the stakes with innovative scams. The CryptoCore group launched an elaborate campaign centred on deepfake videos, hijacked YouTube accounts and cloned websites that mimicked legitimate crypto giveaways tied to President Trump’s 2025 inauguration. This hi-tech scam reportedly netted around $3.8 million across more than 2 200 transactions.

Mobile banking threats also surged. The Crocodilus Trojan emerged as a particularly nasty strain, abusing accessibility features on smartphones to stealthily steal crypto credentials. This threat was especially prevalent in Spain and Turkey. Meanwhile, LifeLock’s monitoring service recorded a notable increase in fraud alerts, confirming the growing financial risk consumers face.

Data breaches and infostealers surge dramatically

Data breaches exploded in volume and severity this quarter, with breach events rising over 36% and compromised personal records soaring by an astonishing 186%. This jump signals that threat actors are not only increasing access but also harvesting far larger data caches.

One key culprit was the Lumma Stealer, a sophisticated infostealer tool that targeted credentials, crypto wallets and two-factor authentication tokens. After rapid proliferation, Lumma was taken down in a co-ordinated Europol and Microsoft operation, underscoring how global partnerships are crucial in combating cyber crime.

Phishing attacks also escalated, with criminals exploiting low-code platforms like Weebly and Wix to host deceptive login pages. These pages are harder to detect because they reside on trusted domains, making phishing e-mails more convincing and bypassing traditional e-mail filters. Major phishing campaigns targeted telecoms and streaming customers in the US and Australia, exposing how easily these tactics can be localised and scaled.

Ransomware’s persistent threat and AI-driven malware

Ransomware remained a significant threat. The Magniber ransomware strain continued to dominate attacks, responsible for about 67% of cases and impacting over 100 000 users worldwide. However, the most notable newcomer was FunkSec, a ransomware strain reportedly crafted with AI-generated code.

This development could signal a new era where AI lowers the technical barrier for cyber criminals, enabling faster creation and deployment of malicious software. Interestingly, despite continued attacks, ransom payments declined 35% year over year in 2024, reflecting growing resistance from victims and successful law enforcement efforts targeting crypto infrastructure.

The growing menace of “scam-yourself” attacks

Scam-yourself attacks – where victims are tricked into infecting their own devices – expanded significantly. FakeCaptcha scams, once mainly a Windows problem, are now infecting macOS users too, delivering infostealers like AMOS stealthily.

Fake browser update scams targeting European users increased an eye-popping 17-fold this quarter. These scams lure users into downloading malware disguised as routine browser patches.

More than 4 million users were protected from these scams in Q1 alone, but the threat remains formidable. These attacks often revive older malware strains like Wincir RAT, relying on social engineering tactics to get users to execute malicious installers manually.

Threats detected per social media platform.

Social media: The new frontline for scams

Social platforms remain fertile ground for fraudsters. Cyber criminals exploit compromised accounts, AI-generated personas, influencers and platform advertising to add legitimacy to their scams, especially on Facebook and YouTube.

Fake influencers – such as the AI persona “Thomas Harris” – promote bogus crypto trading tools through unlisted YouTube videos amplified by targeted ads. These channels often appear legitimate by mimicking official branding, deleting original content and even linking to genuine videos to build trust.

Attackers often direct users to copy malicious smart contract code into fake coding environments, draining crypto funds via cleverly disguised scams on typo-squatted websites.

Mobile threats surge, particularly in Latin America and Asia

Mobile adware and spyware infections rose sharply, with a 25% increase in protected users. Brazil, India, Argentina and Mexico were hotspots for adware campaigns led by HiddenAds and MobiDash. Mexico alone saw adware infections increase by 42%.

Spyware also grew by 6%, with new strains like SpySolr and Tambir targeting users in Turkey and India. Spain and Turkey experienced especially large spikes in spyware attacks, increasing 96% and 84%, respectively.

Regional cyber risk variations

Cyber threat exposure varies widely around the globe:

  • Highest-risk countries: China (48.6%), Georgia (44.5%), and Vietnam (39%).
  • Lower-risk countries: Japan (16.1%), Germany (20.1%), and France (24.9%).
  • Strong resilience: Scandinavian countries such as Finland, Sweden and Norway hovered below 24% risk.
  • South America: Brazil and Argentina saw notable mobile threat spikes, underscoring the region’s rising cyber risks.
  • Low-risk regions: Areas like Haiti and the Democratic Republic of Congo maintained low risk mainly due to limited internet infrastructure.

Avast business.

Avast and AVG Cybersecurity: Trusted Protection for Africa

In the face of these evolving cyber threats, choosing the right cyber security partner is critical – especially in regions facing rapidly increasing risks like Africa. Avast and AVG position themselves as global leaders in anti-virus and cyber security, offering advanced protection against malware, ransomware, phishing and more. With AI-powered threat detection and real-time updates, both brands safeguard your devices – Windows, macOS, Android and iOS – against evolving cyber threats.

Why choose Avast and AVG?

  • Comprehensive protection: Real-time defence against various online threats.
  • Cross-platform security: Safeguard multiple devices with one subscription.
  • Privacy features: VPN, identity protection and data breach monitoring.
  • User-friendly interface: Easy to use, with minimal impact on device performance.

Avert ITD: Your authorised distributor in Africa

As the official distributor of Avast and AVG in Africa, Avert ITD brings world-class cyber security solutions tailored to the African market.

  • Local support: Dedicated, expert assistance.
  • Competitive pricing: Affordable, flexible plans.
  • Enterprise solutions: Scalable protection for businesses of all sizes.

Empowering African users and organisations with Avast and AVG means staying one step ahead in an increasingly complex threat landscape.

Gen Threat Report.

Key takeaways and recommendations

The Q1 2025 cyber threat landscape highlights several important trends:

  • Cyber criminals are prioritising quality over quantity, with smaller, more sophisticated and targeted attacks replacing mass spam and generic malware campaigns.
  • AI and deepfake technology are game-changers in scams, enabling hyper-realistic impersonations and more convincing social engineering.
  • Mobile threats continue to rise, especially in developing markets where smartphone adoption is high but security awareness and protections lag.
  • Phishing is evolving, leveraging trusted platforms like website builders to host malicious pages, making detection harder.
  • Social media fraud is exploding, exploiting influencer culture and trusted platforms to lure victims.

For individuals and organisations, this means staying informed, sceptical of “too good to be true” offers, and cautious about any requests to download software, update browsers or enter sensitive information on unfamiliar sites.

Final thoughts

The cyber threat activity observed in Q1 2025 confirms that although the overall volume of attacks may be declining, the danger remains significant. Cyber criminals’ shift towards AI-enhanced, precision-targeted and socially engineered attacks demands ongoing vigilance and proactive defence measures.

The new report format aims to clarify these complex developments and make them more actionable. By understanding emerging threat trends, users can better protect themselves and their digital assets in an increasingly perilous cyber landscape.

This analysis and guidance are provided thanks to the expertise of Jakub Křoustek, Threat Research Director at Gen, and the dedicated Gen Threat Research Team.

Partner with Avert ITD – secure more than just sales

Avert ITD is your trusted cyber security partner, delivering powerful Avast and AVG solutions supported by decades of experience and in-depth local knowledge.

Avert ITD offers flexible pricing, scalable security tools and personalised support, from cyber security experts based right here in Africa. Its real-time WhatsApp and live chat services make communication easy, and its reseller programme includes education and training to help your business succeed.

Contact Avert ITD today

Join the Avert ITD reseller network and elevate your cyber security portfolio:

Johannesburg: (+27) 010 007 4430

Cape Town: (+27) 021 007 2655

E-mail: sales@avertitd.com

WhatsApp: (+27) 060 518 0001

LinkedIn: Follow Avert ITD


Gen

Gen is a global company committed to digital freedom. Through trusted brands like Norton, Avast, LifeLock, Avira, AVG, CCleaner and ReputationDefender, Gen protects nearly 500 million users in over 150 countries.
